Okta not returning custom claims in tokens


Problem description

I just signed up for a dev test account with Okta to test OIDC using Okta's auth service and user management.

Using their management portal, I created a second group called Test Group along with the default group of Everyone and added my single user to both groups.

I then added an application called My SPA and assigned the Test Group access to this application.

Using the classic UI, I then edited the OpenID Connect ID Token section and set Group claims type to Expression and added groups as the claim name and getFilteredGroups(app.profile.groupwhitelist, "group.name", 40) as the expression.

I then went and edited the authorization server. I added a claim called 'groups' with a RegEx of *. to be used with any scope, access tokens and always include.

I then use the Token Preview selecting my user and using implicit grant flow but no groups show up.

How do you get a user's groups to show up as claims in the ID or Access Token from an Okta auth server?

Edit: Screenshots of what I have:

Recommended answer

I’ve only ever used the Developer Console to configure things. Here’s how I did it:

Navigate to API > Authorization Servers, click the Authorization Servers tab and edit the default one. Click the Claims tab and Add Claim. Name it "groups" or "roles", and include it in the ID Token. Set the value type to "Groups" and set the filter to be a Regex of .*.
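To check a setup like the one above outside Token Preview, decode the token payload and look for the claim. This is an added example, not code from the question, the answer or Okta: `filter_groups` is a local model of a regex group filter (an assumption, not Okta's implementation), and the tokens are constructed, unsigned samples.

```python
import base64
import json
import re


def filter_groups(user_groups, pattern):
    """Local model of a regex group filter: keep names the pattern fully matches."""
    try:
        rx = re.compile(pattern)
    except re.error as exc:
        raise ValueError(f"invalid filter regex {pattern!r}: {exc}") from exc
    return [g for g in user_groups if rx.fullmatch(g)]


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string for offline inspection."""
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([b64url(json.dumps(header).encode()),
                     b64url(json.dumps(claims).encode()), ""])


def read_claims(token: str) -> dict:
    """Decode the payload segment only. No signature check: inspection, not auth."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def groups_in_token(token: str, claim_name: str = "groups"):
    """Return the claim's list, or None when the claim is absent from the token."""
    return read_claims(token).get(claim_name)


# Constructed sample data; the group names are the ones from the question.
USER_GROUPS = ["Everyone", "Test Group"]
ID_TOKEN = make_sample_token(
    {"sub": "00u-sample", "groups": filter_groups(USER_GROUPS, ".*")})
# Claim set to "ID Token" only, as in the answer: the access token lacks it.
ACCESS_TOKEN = make_sample_token({"sub": "00u-sample", "scp": ["openid"]})

if __name__ == "__main__":
    print("id token groups:", groups_in_token(ID_TOKEN))
    print("access token groups:", groups_in_token(ACCESS_TOKEN))
```

Decoding without signature verification is only for inspecting what the server issued; an application that relies on the `groups` claim for authorization must validate the token first.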
